With state-sponsored threats and hacktivism thrown into the mix, one cybersecurity firm’s telemetry reflected the aggregated outcome for 2022

Going by its customer ecosystem telemetry, a cybersecurity firm has announced a 55% increase in overall threat detections for 2022 compared with 2021.

The data showed that threat actors were gaining initial access through remote services, then expanding their footprint within the environment through credential dumping to utilize valid accounts. An 86% increase in backdoor malware detections showed threat actors trying to maintain their presence inside networks for a future attack. These backdoors were primarily targeting web server platform vulnerabilities in the customer ecosystems.

Additional findings include:

    • A record number of Zero Day Initiative (ZDI) advisories (1,706), the third consecutive annual record in the firm’s yearly threat report, possibly due to a rapidly expanding corporate attack surface and researcher investment in automated analysis tools that were finding more bugs. The number of critical vulnerabilities doubled in 2022. Two of the top three CVEs reported in the firm’s protection ecosystem in 2022 were related to Log4j.
    • An increase in failed or incomplete patching, along with false confidence arising from believing patching had been performed: organizations had to incur extra time and money on remediation efforts, and this was exposing firms to unnecessary cyber risk.
    • In the data, web shells were the top-detected malware of the year, surging 103% over 2021 figures. Emotet detections were second, after undergoing something of a resurgence. LockBit and BlackCat were the top ransomware families of 2022 in the telemetry analysis.
    • In a bid to address declining profits, ransomware groups had rebranded and diversified, with expected attempts to move into adjacent areas that monetize initial access, such as stock fraud, business email compromises (BEC), money laundering, and cryptocurrency theft.

According to Jon Clay, VP, Threat Intelligence, Trend Micro (Hong Kong), which reported its yearly telemetry findings: “2022 (was) a year when threat actors went ‘all-in’ to boost profits. A surge in backdoor detections is particularly concerning in showing us their success in making landfall inside networks. To manage risk effectively across a rapidly expanding attack surface, stretched security teams need a more streamlined, platform-based approach” covering stepped-up overviews of IT asset management, cloud security, security protocols and all attack surfaces.